Vulnerabilities > CVE-2018-7855 - Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-754

NVD

Published: 2019-05-22

Updated: 2024-11-21

Summary

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Modicon Premium Firmware - Schneider Electric Modicon Quantum Firmware - Schneider Electric Modicon M340 Firmware - Schneider Electric Modicon M340 Firmware 3.01 Schneider Electric Modicon M580 Firmware - Schneider Electric Modicon M580 Firmware 2.10 Schneider Electric Modicon M580 Firmware 2.12 Schneider Electric Modicon M580 Firmware 2.30 Schneider Electric Modicon M580 Firmware 2.41 Schneider Electric Modicon M580 Firmware 2.80	10
Hardware	Schneider-Electric Schneider Electric Modicon Premium - Schneider Electric Modicon Quantum - Schneider Electric Modicon M340 - Schneider Electric Modicon M580 -	4

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Talos

id	TALOS-2019-0766
last seen	2019-06-10
published	2019-06-10
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766
title	Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Talos

References